Given the security blogger released his code - just a matter of time before the house of cards comes crashing down. Read the article on Ars and wanted to facepalm half way though at how it was setup (the device). Interesting on Nomx's site they 1. Attack the blogger saying he couldn't write a working payload and had to go somewhere else (but fail to mention that the revised payload did work) and 2. that he used Nomx default admin account to conduct the attack. They also mention that visiting a compromised site or visiting a phishing link was unlikely (they claim while still logged their nomx but I'd be curious is such an attack would be able to see the device anyways if its still on the network)